Fedora Linux Support Community & Resources Center

  #1  
Old 31st August 2012, 12:01 PM
linuxquest Offline
Registered User
 
Join Date: Nov 2010
Posts: 7
modify sysctl.conf on F17

Hello everyone

I've modified sysctl.conf and now rebooting F17 gives me at start-up:

Quote:
Failed to start Apply Kernel Variables
See 'systemctl status systemd-sysctl.service' for details.

Trying systemctl status systemd-sysctl.service gives me:

Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static)
Active: failed (Result: exit-code) since Thu, 30 Aug 2012 17:29:42 +0100; 17h ago
Docs: man:systemd-sysctl.service(8)
man:sysctl.d(5)
Main PID: 669 (code=exited, status=1/FAILURE)
CGroup: name=systemd:/system/systemd-sysctl.service

What has changed for sysctl in F17?
The release notes say nothing about that.

thanks
  #2  
Old 31st August 2012, 12:59 PM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,830
Re: modify sysctl.conf on F17

Depends on what you modified. How about showing what it was.
  #3  
Old 1st September 2012, 11:36 AM
linuxquest Offline
Registered User
 
Join Date: Nov 2010
Posts: 7
Re: modify sysctl.conf on F17

here is my sysctl.conf:

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

#Prevent SYN attack
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0


# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0


# Modify system limits for Ensim WEBppliance
fs.file-max = 65000

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Set maximum amount of memory allocated to shm to 256MB
kernel.shmmax = 268435456

# Improve file system performance
#vm.bdflush = 100 1200 128 512 15 5000 500 1884 2

# Improve virtual memory performance
#vm.buffermem = 90 10 60

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the maximum total TCP buffer-space allocatable
net.ipv4.tcp_mem = 57344 57344 65536

# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 32768 65536 524288

# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 98304 196608 1572864

# Increase the maximum and default receive socket buffer size
net.core.rmem_max = 524280
net.core.rmem_default = 524280

# Increase the maximum and default send socket buffer size
net.core.wmem_max = 524280
net.core.wmem_default = 524280

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
  #4  
Old 1st September 2012, 12:13 PM
smr54 Offline
Registered User
 
Join Date: Jan 2010
Posts: 5,503
Re: modify sysctl.conf on F17

Please don't take this wrong, but perhaps you should look at http://www.catb.org/esr/faqs/smart-questions.html

Don't you think it's somewhat unreasonable to go through their own config file to see what you changed?

Many people looking through the forum are busy people, and the odds of you getting help are much higher if you save them time with, for example: "I changed this line from X to Y in this file, and now I have this problem. When I changed it back, the problem went away (or didn't). Formerly, I used to make this change without issue."
  #5  
Old 1st September 2012, 06:17 PM
DBelton Offline
Administrator
 
Join Date: Aug 2009
Posts: 7,320
Re: modify sysctl.conf on F17

I don't know what you changed, but even if it loads it, you probably just totally screwed up your TCP/IP performance.

The defaults for the Linux kernel are pretty much the best performing options you are going to get. Go monkeying around with them, you are going to trash your performance unless you know EXACTLY what each one does and what you need to change to improve it.
  #6  
Old 1st September 2012, 06:41 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 6,032
Re: modify sysctl.conf on F17

Looks like he added a whole bunch of stuff. I have the default sysctl.conf and mine is 25 lines long. His starts just like mine until the last three net.bridge.bridge-nf-call-* lines (which were removed), then all the remaining lines are new.
  #7  
Old 2nd September 2012, 12:33 PM
linuxquest Offline
Registered User
 
Join Date: Nov 2010
Posts: 7
Re: modify sysctl.conf on F17

Hello

I've replaced sysctl.conf with the original one that comes with F17, and I have the same problem:
"Failed to start Apply Kernel Variables" at startup

See 'systemctl status systemd-sysctl.service' for details.

systemd-sysctl.service - Apply Kernel Variables
Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static)
Active: failed (Result: exit-code) since Sun, 02 Sep 2012 11:28:15 +0100; 5s ago
Docs: man:systemd-sysctl.service(8)
man:sysctl.d(5)
Process: 2320 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
CGroup: name=systemd:/system/systemd-sysctl.service

So I don't know what to do next.
  #8  
Old 3rd September 2012, 12:09 AM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,830
Re: modify sysctl.conf on F17

How did you replace it? Does it have the proper security label?
  #9  
Old 3rd September 2012, 08:17 AM
linuxquest Offline
Registered User
 
Join Date: Nov 2010
Posts: 7
Re: modify sysctl.conf on F17

Quote:
Originally Posted by jpollard
How did you replace it? Does it have the proper security label?

cp sysctl.conf.old sysctl.conf

ls -Z sysctl.conf :

-rw-r--r--. root root system_u:object_r:system_conf_t:s0 sysctl.conf


thanks
  #10  
Old 3rd September 2012, 09:21 AM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 6,032
Re: modify sysctl.conf on F17

What happens if you circumvent systemctl and just do the load manually?

Run
Quote:
sysctl -p /etc/sysctl.conf
as root and see if there's an error
  #11  
Old 3rd September 2012, 11:14 PM
DBelton Offline
Administrator
 
Join Date: Aug 2009
Posts: 7,320
Re: modify sysctl.conf on F17

Also, look in /etc/sysctl.d/ and make certain you don't have files in there that could have errors in them. They get loaded just like /etc/sysctl.conf does.
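
A read-only way to run the checks suggested in posts #10 and #11 (added example, not part of the thread): the hypothetical helper `check_sysctl` reads one sysctl file, reports keys that have no matching entry under /proc/sys, and reports keys assigned twice with different values, as `net.ipv4.tcp_max_syn_backlog` is in the posted file. The `demo` directory tree and config are constructed sample data.

```sh
#!/bin/sh
# check_sysctl FILE [PROC_ROOT]: hypothetical helper, not a system tool.
#   MISSING <key>                 no entry under PROC_ROOT to write to
#   CONFLICT <key> <old> -> <new> set twice; the later assignment wins
# Assumes every dot in a key separates path components.
check_sysctl() {
    root=${2:-/proc/sys}
    awk '
        /^[ \t]*[#;]/ || !index($0, "=") { next }   # comments, blanks, junk
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", val)
            if ((key in seen) && seen[key] != val)
                print "CONFLICT", key, seen[key], "->", val
            if (!(key in seen)) print "KEY", key
            seen[key] = val
        }' "$1" |
    while read -r kind rest; do
        case $kind in
            KEY) [ -e "$root/$(printf '%s' "$rest" | tr . /)" ] ||
                     echo "MISSING $rest" ;;
            *)   echo "$kind $rest" ;;
        esac
    done
}

# Constructed sample: a fake /proc/sys tree with no eth0 interface, and a
# config built from a few lines of the kind posted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/proc/net/ipv4/conf/all" "$d/proc/net/ipv4/conf/em1"
    : > "$d/proc/net/ipv4/tcp_max_syn_backlog"
    : > "$d/proc/net/ipv4/conf/all/rp_filter"
    : > "$d/proc/net/ipv4/conf/em1/rp_filter"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 1024
EOF
    check_sysctl "$d/sysctl.conf" "$d/proc"
    rm -rf "$d"
}
demo
```

On a real system, call `check_sysctl /etc/sysctl.conf` and then once for each file in /etc/sysctl.d/; it only reads, so it needs no root privileges.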